Redirects and pop-ups; Possible deep malware or worse? [Solved]


  • This topic is locked

#1
TerasMinus

  • Member
  • 51 posts

Within the past month, this computer has gone from some slight pop-ups to full-on redirects and times when Chrome will flat out crash. I'm assuming it was due, in part, to the 2 children living here clicking on ads, and just about everything else, when they went searching for flash games, and my friend's father-in-law, also clicking on ads and other stupid things while on Craigslist. There could be more to it than that, but we shall find it.

As I said, it started out with a pop-up or two here and there, and now it gets to the point where every other page or so, we get redirected to some blinking, flashing ads, with endless pop-up messages that won't usually let us leave that page, sometimes resulting in us needing to close out of Chrome. Other times, after a small while, Chrome will just close on its own, with no idea why, after maybe a minute.

I've tried running Malwarebytes twice already, once in quick scan, once in full, and it didn't help much.

I have included the two logs from OTL.

 

Attached File  OTL.Txt   62.77KB   237 downloads
 

Attached File  Extras.Txt   52.21KB   186 downloads




#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi TerasMinus, :)

My name is Valinorum and I will be the acolyte today. Before we proceed, please acquaint yourself with the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe Mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 
  • Step #1 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to the poor reputation reports we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up, double-click on the items I have listed below, and follow the on-screen instructions to remove/uninstall them.
    • SSAveeLots
    • youtubeadblocker
    • unisAleS
 
  • Step #2 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #3 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information, please acquaint yourself with this article;
    • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process, a log named JRT.txt will automatically open and is saved to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #4 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put a tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan, two Notepad files will be opened:
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • AdwCleaner Log
    • Junkware Removal Tool Log
    • Farbar Tool Log(s)--
      • FRST.txt
      • Addition.txt
Regards,
Valinorum

#3
TerasMinus

  • Topic Starter
  • Member
  • 51 posts

Good evening, Valinorum.

Here's the AdwCleaner log.

 

# AdwCleaner v4.109 - Report created 25/01/2015 at 20:38:19
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Crowder - CROWDER-PC
# Running from : C:\Users\Crowder\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : d65a1a66
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\CeoUPExTension
Folder Deleted : C:\ProgramData\COupExTeonsiiounn
Folder Deleted : C:\ProgramData\SSAveeLots
Folder Deleted : C:\ProgramData\14691208619026991932
Folder Deleted : C:\ProgramData\cbe1a866d242cb3c
Folder Deleted : C:\Program Files (x86)\TampaGeneration
Folder Deleted : C:\Program Files (x86)\SSAveeLots
Folder Deleted : C:\Program Files (x86)\uniisualees
Folder Deleted : C:\Program Files (x86)\uniSalEEs
Folder Deleted : C:\Program Files (x86)\unissales
Folder Deleted : C:\ProgramData\chkbgmdjhoaknadehfepkfncbeolbide
Folder Deleted : C:\ProgramData\nogciamngmbodoeadniddbpaejbdhnke
Folder Deleted : C:\ProgramData\pkebgiedacnifhfopbndnlnncniojdkb
File Deleted : C:\END
File Deleted : C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\P38c4ea8e_5cfa_4b6b_ae70_14bd8bfa7aea_.P38c4ea8e_5cfa_4b6b_ae70_14bd8bfa7aea_
Key Deleted : HKLM\SOFTWARE\Classes\P38c4ea8e_5cfa_4b6b_ae70_14bd8bfa7aea_.P38c4ea8e_5cfa_4b6b_ae70_14bd8bfa7aea_.9
Key Deleted : HKLM\SOFTWARE\Classes\P61da11c2_de5d_41c4_b4bf_46fb062cf09a_.P61da11c2_de5d_41c4_b4bf_46fb062cf09a_
Key Deleted : HKLM\SOFTWARE\Classes\P61da11c2_de5d_41c4_b4bf_46fb062cf09a_.P61da11c2_de5d_41c4_b4bf_46fb062cf09a_.9
Key Deleted : HKLM\SOFTWARE\Classes\P625f375d_6efb_4792_965e_0e33e3c184c5_.P625f375d_6efb_4792_965e_0e33e3c184c5_
Key Deleted : HKLM\SOFTWARE\Classes\P625f375d_6efb_4792_965e_0e33e3c184c5_.P625f375d_6efb_4792_965e_0e33e3c184c5_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pa3da85ee_c1f2_4795_9c6a_089a3df6ef90_.Pa3da85ee_c1f2_4795_9c6a_089a3df6ef90_
Key Deleted : HKLM\SOFTWARE\Classes\Pa3da85ee_c1f2_4795_9c6a_089a3df6ef90_.Pa3da85ee_c1f2_4795_9c6a_089a3df6ef90_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pd668bfa4_08fc_4cf1_9d34_993097f9f67e_.Pd668bfa4_08fc_4cf1_9d34_993097f9f67e_
Key Deleted : HKLM\SOFTWARE\Classes\Pd668bfa4_08fc_4cf1_9d34_993097f9f67e_.Pd668bfa4_08fc_4cf1_9d34_993097f9f67e_.9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{38c4ea8e-5cfa-4b6b-ae70-14bd8bfa7aea}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61da11c2-de5d-41c4-b4bf-46fb062cf09a}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{625f375d-6efb-4792-965e-0e33e3c184c5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a3da85ee-c1f2-4795-9c6a-089a3df6ef90}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{d668bfa4-08fc-4cf1-9d34-993097f9f67e}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{625f375d-6efb-4792-965e-0e33e3c184c5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3da85ee-c1f2-4795-9c6a-089a3df6ef90}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38c4ea8e-5cfa-4b6b-ae70-14bd8bfa7aea}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61da11c2-de5d-41c4-b4bf-46fb062cf09a}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{625f375d-6efb-4792-965e-0e33e3c184c5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3da85ee-c1f2-4795-9c6a-089a3df6ef90}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d668bfa4-08fc-4cf1-9d34-993097f9f67e}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{38c4ea8e-5cfa-4b6b-ae70-14bd8bfa7aea}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{61da11c2-de5d-41c4-b4bf-46fb062cf09a}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{625f375d-6efb-4792-965e-0e33e3c184c5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a3da85ee-c1f2-4795-9c6a-089a3df6ef90}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d668bfa4-08fc-4cf1-9d34-993097f9f67e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38c4ea8e-5cfa-4b6b-ae70-14bd8bfa7aea}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{61da11c2-de5d-41c4-b4bf-46fb062cf09a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{625f375d-6efb-4792-965e-0e33e3c184c5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a3da85ee-c1f2-4795-9c6a-089a3df6ef90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d668bfa4-08fc-4cf1-9d34-993097f9f67e}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{38c4ea8e-5cfa-4b6b-ae70-14bd8bfa7aea}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{61da11c2-de5d-41c4-b4bf-46fb062cf09a}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{625f375d-6efb-4792-965e-0e33e3c184c5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{a3da85ee-c1f2-4795-9c6a-089a3df6ef90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{d668bfa4-08fc-4cf1-9d34-993097f9f67e}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{625f375d-6efb-4792-965e-0e33e3c184c5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3da85ee-c1f2-4795-9c6a-089a3df6ef90}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : chkbgmdjhoaknadehfepkfncbeolbide
[C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : nogciamngmbodoeadniddbpaejbdhnke
[C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pkebgiedacnifhfopbndnlnncniojdkb
 
*************************
 
AdwCleaner[R0].txt - [8571 octets] - [25/01/2015 19:31:35]
AdwCleaner[S0].txt - [8532 octets] - [25/01/2015 20:38:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8592 octets] ##########

 

 
Here's the Junkware Removal log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Crowder on Sun 01/25/2015 at 20:57:08.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/25/2015 at 21:00:29.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
FRST log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Crowder (administrator) on CROWDER-PC on 25-01-2015 21:06:53
Running from C:\Users\Crowder\Desktop
Loaded Profiles: Crowder (Available profiles: Crowder)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1765512448-2918279905-2912477398-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1765512448-2918279905-2912477398-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1765512448-2918279905-2912477398-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1765512448-2918279905-2912477398-1001\...\MountPoints2: {ad777f65-7cf7-11e4-948c-001fc6444516} - J:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-1765512448-2918279905-2912477398-1001\...\MountPoints2: {ae588ce4-7527-11e4-9443-001fc6444516} - J:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-1765512448-2918279905-2912477398-1001\...\MountPoints2: {cbdaae36-7062-11e4-94da-001fc6444516} - J:\LGAutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1765512448-2918279905-2912477398-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-01-15]
CHR Extension: (Google Slides) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-20]
CHR Extension: (Download Button) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\alakoggmijiicdlcjjeakffojoinhlpg [2015-01-16]
CHR Extension: (Google Docs) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20]
CHR Extension: (Google Drive) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20]
CHR Extension: (Google Search) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20]
CHR Extension: (Google Sheets) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-20]
CHR Extension: (DelugeSiphon) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\gabdloknkpdefdpkkibplcfnkngbidim [2015-01-24]
CHR Extension: (Facebook Social Plugin) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmclgnbhdiklglmmdcaelggigiiigpm [2015-01-23]
CHR Extension: (Google Wallet) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]
CHR Extension: (Gmail) - C:\Users\Crowder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SCTDriverV1011; C:\Windows\System32\drivers\SCTDriverV1011.sys [261712 2012-10-26] (Jungo)
S3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
S3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys ABCB5A38A0D85BDF69B7877E1AD1EED5
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\drivers\SCTDriverV1011.sys 932A176E4A8B9E94CD8633DC4926CB06
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys EF4469AB69EB15E5D3754E6AEAFBCD3D
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VSTBS26.SYS 93132C69394A99D992095D8CFE464801
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CAX_CNXT.sys A6EA7A3FC4B00F48535B506DB1E86EFD
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\XAudio64.sys E8F3FA126A06F8E7088F63757112A186
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 21:06 - 2015-01-25 21:07 - 00024554 _____ () C:\Users\Crowder\Desktop\FRST.txt
2015-01-25 21:06 - 2015-01-25 21:06 - 00000000 ____D () C:\FRST
2015-01-25 21:05 - 2015-01-25 21:05 - 02129920 _____ (Farbar) C:\Users\Crowder\Downloads\FRST64.exe
2015-01-25 21:05 - 2015-01-25 21:05 - 02129920 _____ (Farbar) C:\Users\Crowder\Desktop\FRST64.exe
2015-01-25 21:00 - 2015-01-25 21:00 - 00000631 _____ () C:\Users\Crowder\Desktop\JRT.txt
2015-01-25 20:57 - 2015-01-25 20:57 - 00000000 ____D () C:\Windows\ERUNT
2015-01-25 20:55 - 2015-01-25 20:55 - 01707939 _____ (Thisisu) C:\Users\Crowder\Desktop\JRT.exe
2015-01-25 20:51 - 2015-01-25 20:51 - 00008700 _____ () C:\Users\Crowder\Desktop\AdwCleaner[S0].txt
2015-01-25 19:31 - 2015-01-25 20:38 - 00000000 ____D () C:\AdwCleaner
2015-01-25 19:31 - 2015-01-25 19:31 - 02194432 _____ () C:\Users\Crowder\Desktop\AdwCleaner.exe
2015-01-24 23:32 - 2015-01-24 23:32 - 00064276 _____ () C:\Users\Crowder\Desktop\OTL.Txt
2015-01-24 23:32 - 2015-01-24 23:32 - 00053464 _____ () C:\Users\Crowder\Desktop\Extras.Txt
2015-01-24 23:31 - 2015-01-24 23:31 - 00053464 _____ () C:\Users\Crowder\Downloads\Extras.Txt
2015-01-24 23:30 - 2015-01-24 23:32 - 00064276 _____ () C:\Users\Crowder\Downloads\OTL.Txt
2015-01-24 23:20 - 2015-01-24 23:20 - 00602112 _____ (OldTimer Tools) C:\Users\Crowder\Downloads\OTL.exe
2015-01-24 20:40 - 2015-01-25 20:45 - 00000000 ___RD () C:\Users\Crowder\iCloudDrive
2015-01-24 20:40 - 2015-01-24 20:46 - 00000000 ____D () C:\Users\Crowder\AppData\Local\Apple Computer
2015-01-24 20:40 - 2015-01-24 20:40 - 00000000 ____D () C:\Users\Crowder\AppData\Local\Apple Inc
2015-01-24 20:35 - 2015-01-24 20:46 - 00000000 ____D () C:\Users\Crowder\AppData\Roaming\Apple Computer
2015-01-24 20:35 - 2015-01-24 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-24 20:34 - 2015-01-24 20:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-24 20:27 - 2015-01-24 20:27 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-24 20:27 - 2015-01-24 20:27 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-01-24 20:27 - 2015-01-24 20:27 - 00000000 ____D () C:\Users\Crowder\AppData\Local\Apple
2015-01-24 20:27 - 2015-01-24 20:27 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-24 20:27 - 2015-01-24 20:27 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-01-24 20:27 - 2015-01-24 20:27 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-24 20:26 - 2015-01-24 20:26 - 00000000 ____D () C:\ProgramData\Apple
2015-01-24 20:25 - 2015-01-24 20:26 - 71647536 _____ (Apple Inc.) C:\Users\Crowder\Downloads\icloudsetup.exe
2015-01-23 14:56 - 2015-01-23 14:57 - 00137753 _____ () C:\Users\Crowder\Downloads\2011831100.exe
2015-01-20 23:32 - 2015-01-20 23:32 - 00587448 _____ () C:\Users\Crowder\Downloads\Java (1).exe
2015-01-20 23:00 - 2015-01-20 23:00 - 00587440 _____ () C:\Users\Crowder\Downloads\Java.exe
2015-01-20 10:29 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-20 10:29 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-20 08:56 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-20 08:56 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-20 08:56 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-20 08:56 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-20 08:56 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-20 08:56 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-20 08:56 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-20 08:56 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-20 08:56 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-20 08:56 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-20 08:54 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-20 08:54 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-20 08:54 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-20 08:54 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-20 08:54 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-20 08:54 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-20 08:54 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-20 08:54 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-20 08:54 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-20 08:54 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-20 08:54 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-20 08:54 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-20 08:54 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-20 08:54 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-20 08:54 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-20 08:54 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-20 08:54 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00000221 _____ () C:\Users\Crowder\Desktop\FINAL FANTASY XIV A Realm Reborn.url
2015-01-19 02:55 - 2015-01-19 02:55 - 00000000 ____D () C:\Users\Crowder\Documents\My Games
2015-01-19 02:54 - 2015-01-19 02:54 - 00000221 _____ () C:\Users\Crowder\Desktop\Cogs.url
2015-01-19 02:31 - 2015-01-19 17:35 - 00000000 ____D () C:\Users\Crowder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-16 11:43 - 2015-01-16 11:47 - 367978507 _____ () C:\Users\Crowder\Downloads\Dino Crisis 2 [U] [SLUS-01279].rar
2015-01-16 11:38 - 2015-01-16 11:42 - 285058688 _____ () C:\Users\Crowder\Downloads\Dino Crisis [U] [SLUS-00922].rar
2015-01-16 11:18 - 2015-01-16 11:31 - 988630041 _____ () C:\Users\Crowder\Downloads\Mortal_Kombat_Unchained_USA_PSP-pSyPSP.rar
2015-01-16 11:11 - 2015-01-16 11:18 - 550818051 _____ () C:\Users\Crowder\Downloads\Need_For_Speed_Undercover_USA_PSP-pSyPSP (1).rar
2015-01-16 11:01 - 2015-01-16 11:01 - 00000000 ____D () C:\Program Files (x86)\Download Button
2015-01-16 10:57 - 2015-01-16 10:57 - 01138176 _____ () C:\Users\Crowder\Downloads\Downloader_for_Need For Speed - Undercover.exe
2015-01-16 07:53 - 2015-01-16 07:53 - 00000000 ____D () C:\66a282a5485e87a736162de2608591
2015-01-15 21:28 - 2015-01-15 21:33 - 313471672 _____ () C:\Users\Crowder\Downloads\Jade Cocoon - Legend of Tamamayu [NTSC-U] [SLUS-00854].7z
2015-01-15 20:44 - 2014-06-08 22:47 - 2855579648 _____ () C:\Users\Crowder\Downloads\final fantasy type 0 - Eng.iso
2015-01-15 09:01 - 2015-01-15 09:02 - 00000000 ____D () C:\Users\Crowder\Desktop\nfs carbon own the city
2015-01-15 08:32 - 2015-01-15 08:39 - 550818051 _____ () C:\Users\Crowder\Downloads\Need_For_Speed_Undercover_USA_PSP-pSyPSP.rar
2015-01-15 08:24 - 2015-01-15 08:27 - 200921938 _____ () C:\Users\Crowder\Downloads\Need_For_Speed_Underground_Rivals_USA_PSP-DEV.rar
2015-01-15 08:19 - 2015-01-15 08:24 - 328040778 _____ () C:\Users\Crowder\Downloads\Need_For_Speed_Carbon_Own_The_City_USA_PSP-pSyPSP.rar
2015-01-15 08:06 - 2015-01-15 08:13 - 548343265 _____ () C:\Users\Crowder\Downloads\Gran Turismo 2 - Simulation Mode [NTSC-U] [SCUS-94488].rar
2015-01-15 08:04 - 2015-01-15 08:09 - 346953859 _____ () C:\Users\Crowder\Downloads\Silent Hill [NTSC-U] [SLUS-00707].rar
2015-01-15 07:36 - 2012-12-13 18:45 - 00005650 _____ () C:\Users\Crowder\Desktop\psy-gwgs.nfo
2015-01-15 07:13 - 2015-01-15 07:25 - 921713179 _____ () C:\Users\Crowder\Downloads\Parasite Eve 2 [NTSC-U] [SLUS-01042].rar
2015-01-15 07:08 - 2015-01-15 07:09 - 695684646 _____ () C:\Users\Crowder\Downloads\Parasite Eve [NTSC-U] [SLUS-00662].rar
2015-01-15 07:07 - 2015-01-15 07:32 - 865779768 _____ () C:\Users\Crowder\Downloads\God_of_War_Chains_of_Olympus_USA_PSP-PSN.rar
2015-01-15 07:07 - 2015-01-15 07:29 - 760144388 _____ () C:\Users\Crowder\Downloads\God_Of_War_Ghost_Of_Sparta_USA_PSP-pSyPSP.rar
2015-01-15 06:23 - 2015-01-15 06:23 - 03102460 _____ () C:\Users\Crowder\Downloads\Chrono Trigger (USA) [Hack by Kajar Laboratories v2.1] (~Chrono Trigger Coliseum).zip
2015-01-15 05:57 - 2015-01-16 11:48 - 00000000 ____D () C:\Users\Crowder\Desktop\PSP
2015-01-15 05:50 - 2015-01-15 05:52 - 973553665 _____ () C:\Users\Crowder\Downloads\Gran_Turismo_USA_PSP-pSyPSP (1).rar
2015-01-15 05:25 - 2015-01-15 05:36 - 973553665 _____ () C:\Users\Crowder\Downloads\Gran_Turismo_USA_PSP-pSyPSP.rar
2015-01-15 04:57 - 2015-01-16 10:47 - 00000000 ____D () C:\Program Files (x86)\Google Translate
2015-01-15 04:53 - 2015-01-15 04:54 - 01141248 _____ () C:\Users\Crowder\Downloads\Downloader_for_Gran Turismo.exe
2015-01-15 04:42 - 2015-01-15 04:42 - 00000000 ____D () C:\Users\Crowder\Desktop\pSx
2015-01-15 04:41 - 2015-01-15 04:41 - 00746252 _____ () C:\Users\Crowder\Downloads\PsPpSxBYKiDD.zip
2015-01-14 21:17 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 21:17 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 21:17 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 21:17 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 21:17 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 21:17 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 21:17 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 21:17 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 21:17 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 21:17 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 21:17 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 21:17 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 21:17 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 21:23 - 2015-01-13 20:10 - 00000000 ____D () C:\Users\Crowder\Downloads\ecm tools
2015-01-12 21:23 - 2015-01-12 21:23 - 00021604 _____ () C:\Users\Crowder\Downloads\ecm tools.rar
2014-12-31 22:47 - 2014-12-31 22:47 - 00000000 ____D () C:\Users\Crowder\AppData\Local\Skype
2014-12-31 22:46 - 2015-01-01 01:14 - 00000000 ____D () C:\Users\Crowder\AppData\Roaming\Skype
2014-12-31 22:46 - 2014-12-31 22:46 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-31 22:46 - 2014-12-31 22:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-31 22:46 - 2014-12-31 22:46 - 00000000 ____D () C:\ProgramData\Skype
2014-12-31 22:46 - 2014-12-31 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-31 22:45 - 2014-12-31 22:45 - 01548384 _____ (Skype Technologies S.A.) C:\Users\Crowder\Downloads\SkypeSetup.exe
2014-12-31 22:17 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-12-31 22:17 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-31 22:17 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-12-31 22:17 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-31 22:17 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-31 22:17 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-12-31 22:17 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-31 22:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-12-31 22:17 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-31 22:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-31 22:17 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-31 22:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-31 22:17 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-31 22:17 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-12-31 22:16 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-31 22:16 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-12-31 22:16 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-31 22:16 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-31 22:16 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-31 22:16 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-31 22:16 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-31 22:16 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-31 22:16 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-31 22:16 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-31 22:16 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-31 22:16 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-12-31 22:16 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-12-31 22:16 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-31 22:16 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-31 22:16 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-12-31 22:16 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-31 22:16 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-12-31 22:16 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-31 22:16 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-31 22:16 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-31 22:16 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-31 22:16 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-31 22:16 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-12-31 22:16 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-31 22:16 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-12-31 22:16 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-12-31 22:16 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-12-31 22:16 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-12-31 22:16 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-12-31 22:16 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-12-31 22:16 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-12-31 22:16 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-12-31 22:16 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-12-31 22:16 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-12-31 22:16 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-12-31 22:16 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-12-31 22:16 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-12-31 22:16 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-31 22:16 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-12-31 22:16 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-12-31 22:16 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-31 22:16 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-31 22:16 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-12-31 22:16 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-12-31 22:16 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-12-31 22:16 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-12-31 22:16 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-12-31 22:16 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-12-31 22:16 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-12-31 22:16 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-12-31 22:16 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-12-31 22:16 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-12-31 22:16 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-12-31 22:16 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-12-31 22:16 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-12-31 22:16 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-12-31 22:16 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-12-31 22:16 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-12-31 22:16 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-12-31 22:16 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-12-31 22:16 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-12-31 22:16 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-12-31 22:16 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-12-31 22:16 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-12-31 22:16 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-12-31 22:16 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-12-31 22:16 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-12-31 22:16 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-12-31 22:16 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-12-31 22:16 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-12-31 22:16 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-12-31 22:16 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-12-31 22:16 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-12-31 22:16 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-12-31 22:16 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-12-31 22:16 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-12-31 22:16 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-12-31 22:16 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-12-31 22:16 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-12-31 22:16 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-12-31 22:16 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-12-31 22:16 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-12-31 22:16 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-12-31 22:16 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-12-31 22:16 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-12-31 22:16 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-12-31 22:16 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-12-31 22:16 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-12-31 22:16 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-12-31 22:16 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-12-31 22:16 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-12-31 22:16 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-12-31 22:16 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-12-31 22:16 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-12-31 22:16 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-12-31 22:16 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-12-31 22:16 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-12-31 22:16 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-12-31 22:16 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-12-31 22:16 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-12-31 22:16 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-12-31 22:16 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-12-31 22:16 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-12-31 22:16 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-12-31 22:16 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-12-31 22:16 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-12-31 22:16 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-12-31 22:16 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-12-31 22:16 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-12-31 22:16 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-12-31 22:16 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-12-31 22:16 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-12-31 22:16 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-12-31 22:16 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-12-31 22:16 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-12-31 22:16 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-12-31 22:16 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-12-31 22:16 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-12-31 22:16 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-12-31 22:16 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-12-31 22:16 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-12-31 22:16 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-12-31 22:16 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-12-31 22:16 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-12-31 22:16 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-12-31 22:16 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-12-31 22:16 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-12-31 22:16 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-12-31 22:16 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-12-31 22:16 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-12-31 22:16 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-12-31 22:16 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-12-31 22:16 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-12-31 22:16 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-12-31 22:16 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-12-31 22:16 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-12-31 22:16 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-12-31 22:16 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-12-31 22:16 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-12-31 22:16 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-12-31 22:16 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-12-31 22:16 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-12-31 22:16 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-12-31 22:16 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-12-31 22:16 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-12-31 22:16 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-12-31 22:15 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-12-31 22:15 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-12-31 22:15 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-12-31 22:15 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-12-31 22:15 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-12-31 22:15 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-12-31 22:15 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-12-31 22:15 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-12-31 22:15 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-12-31 22:15 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-12-31 22:15 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-12-31 22:15 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-12-31 22:15 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-12-31 22:15 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-12-31 22:15 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-12-31 22:15 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-12-31 22:15 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-12-31 22:15 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-12-31 22:15 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-12-31 22:15 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-12-28 20:43 - 2014-12-28 20:43 - 00000000 ____D () C:\Users\Crowder\Documents\Any Video Converter
2014-12-28 20:43 - 2014-12-28 20:43 - 00000000 ____D () C:\Users\Crowder\AppData\Roaming\Anvsoft
2014-12-28 20:43 - 2014-12-28 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2014-12-28 20:43 - 2014-12-28 20:43 - 00000000 ____D () C:\Program Files (x86)\Anvsoft
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 20:48 - 2014-10-20 22:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 20:47 - 2014-10-21 01:40 - 01621192 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 20:45 - 2014-10-20 22:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 20:44 - 2010-11-20 21:47 - 00068758 _____ () C:\Windows\PFRO.log
2015-01-25 20:44 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 20:44 - 2009-07-13 22:51 - 00047022 _____ () C:\Windows\setupact.log
2015-01-25 01:54 - 2014-10-22 08:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-25 00:09 - 2014-10-20 23:09 - 00000370 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Crowder).job
2015-01-24 20:40 - 2014-10-20 22:08 - 00000000 ____D () C:\Users\Crowder
2015-01-24 20:35 - 2009-07-13 22:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 20:35 - 2009-07-13 22:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 00:18 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-01-20 13:00 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-20 09:04 - 2014-10-20 22:17 - 00773912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-20 09:04 - 2009-07-13 23:13 - 00773912 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 10:54 - 2014-11-17 16:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 07:53 - 2014-10-20 23:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 07:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-31 22:16 - 2014-10-22 07:16 - 00027044 _____ () C:\Windows\DirectX.log
2014-12-31 13:12 - 2014-10-20 23:56 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-31 05:14 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Crowder\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Crowder\AppData\Local\Temp\Quarantine.exe
C:\Users\Crowder\AppData\Local\Temp\scpBF2A.tmp.exe
C:\Users\Crowder\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {3a1cabba-58fd-11e4-9e60-e3aa75187816}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {3a1cabbc-58fd-11e4-9e60-e3aa75187816}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {3a1cabba-58fd-11e4-9e60-e3aa75187816}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {3a1cabbc-58fd-11e4-9e60-e3aa75187816}
device                  ramdisk=[C:]\Recovery\3a1cabbc-58fd-11e4-9e60-e3aa75187816\Winre.wim,{3a1cabbd-58fd-11e4-9e60-e3aa75187816}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\3a1cabbc-58fd-11e4-9e60-e3aa75187816\Winre.wim,{3a1cabbd-58fd-11e4-9e60-e3aa75187816}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae2-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             HP Recovery Manager
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {3a1cabba-58fd-11e4-9e60-e3aa75187816}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {3a1cabbd-58fd-11e4-9e60-e3aa75187816}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3a1cabbc-58fd-11e4-9e60-e3aa75187816\boot.sdi
 
Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             RAM Disk Settings
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi
 
 
 
LastRegBack: 2015-01-24 11:27
 
==================== End Of Log ============================
 
And the Addition log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Crowder at 2015-01-25 21:08:18
Running from C:\Users\Crowder\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cogs (HKLM-x32\...\Steam App 26500) (Version:  - Lazy 8 Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Download Button (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version:  - SQUARE ENIX)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
SCT Device Updater (HKLM-x32\...\{1E05E69C-38E3-40A8-96BA-07900EE62F4F}) (Version: 2.9.8.91 - SCT)
SCTDriversV1011x64 (HKLM\...\{8210330D-4DDA-4356-9941-3B19F8E8A15C}) (Version: 11.0.0 - SCT Performance LLC)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.4.50 - Conexant Systems)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2014-12-13 13:39 - 00017301 ____A C:\Windows\system32\Drivers\etc\hosts
1.3.3.8 cdncache-a.akamaihd.net
1.3.3.8 cdncache1-a.akamaihd.net
1.3.3.8 intext.linknavi1.com
1.3.3.8 fp130.digitaloptout.com
1.3.3.8 istatic.datafastguru.info
1.3.3.8 cdn.visadd.com
1.3.3.8 ext1.engageya.com
1.3.3.8 cjs.linkbolic.com
1.3.3.8 i.tubejs.info
1.3.3.8 i.crbfjs.info
1.3.3.8 i.fututbjs.info
1.3.3.8 i.iabfjs.info
1.3.3.8 i_crbfjs_info.tlscdn.com
1.3.3.8 cdncache-a.akamaihd.net
1.3.3.8 cdncache1-a.akamaihd.net
1.3.3.8 intext.linknavi1.com
1.3.3.8 fp130.digitaloptout.com
1.3.3.8 istatic.datafastguru.info
1.3.3.8 cdn.visadd.com
1.3.3.8 ext1.engageya.com
1.3.3.8 cjs.linkbolic.com
1.3.3.8 i.tubejs.info
1.3.3.8 i.crbfjs.info
1.3.3.8 i.fututbjs.info
1.3.3.8 i.iabfjs.info
1.3.3.8 i_crbfjs_info.tlscdn.com
1.3.3.8 cdncache-a.akamaihd.net
1.3.3.8 cdncache1-a.akamaihd.net
1.3.3.8 intext.linknavi1.com
 
There are 536 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {083A0445-B7E5-4B01-8EDA-F8968B11A1E3} - \GPUP No Task File <==== ATTENTION
Task: {188895D1-0AB3-43EC-BD6E-8A0662219693} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {1DB72A70-E811-4FB7-BB42-2A447B21BE99} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
Task: {6309D5B9-706E-4868-83FD-C81736D2D565} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {76F184BF-7844-4076-909D-E4AEAFD766D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {D5B55F60-60AB-4C0C-8B96-A633ED6796B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {D5D4F3D1-995F-4005-9CF9-BF942F1D9DAB} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Crowder) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Crowder).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-11 21:50 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 21:50 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-10-20 22:49 - 2014-10-20 22:49 - 01887232 _____ () C:\Windows\system32\d3d11.dll
2014-12-11 21:50 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 21:50 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: SlimCleaner Plus => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1765512448-2918279905-2912477398-500 - Administrator - Disabled)
Crowder (S-1-5-21-1765512448-2918279905-2912477398-1001 - Administrator - Enabled) => C:\Users\Crowder
Guest (S-1-5-21-1765512448-2918279905-2912477398-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1765512448-2918279905-2912477398-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 36%
Total physical RAM: 4095.29 MB
Available physical RAM: 2613.03 MB
Total Pagefile: 8188.76 MB
Available Pagefile: 6570.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:456.52 GB) (Free:179.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.24 GB) (Free:0.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=456.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Cheers!

  • 0

#4
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Please uninstall Google Chrome completely, as it has been converted to developer's mode. Did you knowingly add the following entries to your hosts file?

1.3.3.8 cdncache-a.akamaihd.net
1.3.3.8 cdncache1-a.akamaihd.net
1.3.3.8 intext.linknavi1.com
1.3.3.8 fp130.digitaloptout.com
1.3.3.8 istatic.datafastguru.info
1.3.3.8 cdn.visadd.com
1.3.3.8 ext1.engageya.com
1.3.3.8 cjs.linkbolic.com
1.3.3.8 i.tubejs.info
1.3.3.8 i.crbfjs.info
1.3.3.8 i.fututbjs.info
1.3.3.8 i.iabfjs.info
1.3.3.8 i_crbfjs_info.tlscdn.com
1.3.3.8 cdncache-a.akamaihd.net
1.3.3.8 cdncache1-a.akamaihd.net
1.3.3.8 intext.linknavi1.com
1.3.3.8 fp130.digitaloptout.com
1.3.3.8 istatic.datafastguru.info
1.3.3.8 cdn.visadd.com
1.3.3.8 ext1.engageya.com
1.3.3.8 cjs.linkbolic.com
1.3.3.8 i.tubejs.info
1.3.3.8 i.crbfjs.info
1.3.3.8 i.fututbjs.info
1.3.3.8 i.iabfjs.info
1.3.3.8 i_crbfjs_info.tlscdn.com
1.3.3.8 cdncache-a.akamaihd.net
1.3.3.8 cdncache1-a.akamaihd.net
1.3.3.8 intext.linknavi1.com

You have the following pirated software installed on your PC.
2015-01-15 06:23 - 2015-01-15 06:23 - 03102460 _____ () C:\Users\Crowder\Downloads\Chrono Trigger (USA) [Hack by Kajar Laboratories v2.1] (~Chrono Trigger Coliseum).zip
Please refer to the section 3-p from the Terms of Use:

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.



 
  • Step #5 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to the poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instructions to remove/uninstall them.
    • Download Button
 
  • Step #6 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      Emptytemp:
      Task: {1DB72A70-E811-4FB7-BB42-2A447B21BE99} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
      Task: {083A0445-B7E5-4B01-8EDA-F8968B11A1E3} - \GPUP No Task File <==== ATTENTION
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
      C:\Users\Crowder\AppData\Local\Google\Chrome\
      C:\Program Files (x86)\Google\Chrome\
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum
  • 0
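The hosts-file question raised in the reply above can be checked mechanically. The following is an added example, not part of the original thread and not FRST's own code: it parses hosts-file text (or the pasted "Hosts content" log section) and reports duplicate mappings and names pinned to a non-loopback address. The function names are hypothetical, and the sample reuses a few entries from the log excerpt plus constructed lines.

```python
import ipaddress
from collections import Counter

# Sample input: the FRST header line and a few entries copied from the
# "Hosts content" excerpt in the thread, plus a constructed comment line and
# a constructed localhost line for contrast.
SAMPLE_HOSTS = r"""
2009-07-13 20:34 - 2014-12-13 13:39 - 00017301 ____A C:\Windows\system32\Drivers\etc\hosts
# constructed comment line
127.0.0.1 localhost
1.3.3.8 cdncache-a.akamaihd.net
1.3.3.8 cdncache1-a.akamaihd.net
1.3.3.8 intext.linknavi1.com
1.3.3.8 cdncache-a.akamaihd.net
1.3.3.8 cdncache1-a.akamaihd.net

There are 536 more lines.
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; skip comments, blanks and non-hosts lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no name is not a usable mapping
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # log header or prose line, not a hosts entry
        for name in fields[1:]:  # one line may map several names
            yield ip, name.lower()


def audit_hosts(text):
    """Summarise hosts mappings for review.

    'overrides' lists names resolved to an address that is neither loopback
    nor 0.0.0.0/::. Such entries replace DNS for that name; the audit cannot
    tell whether they were added by the user, a blocker or unwanted software.
    """
    pairs = list(parse_hosts(text))
    counts = Counter(pairs)
    overrides = sorted(
        {(str(ip), name) for ip, name in counts
         if not (ip.is_loopback or ip.is_unspecified)}
    )
    return {
        "mappings": len(pairs),
        "duplicates": sum(n - 1 for n in counts.values()),
        "overrides": overrides,
        "by_target": dict(Counter(ip for ip, _ in overrides)),
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['mappings']} mappings, {report['duplicates']} duplicates")
    for target, n in report["by_target"].items():
        print(f"{n} distinct names pinned to {target}")
    for ip, name in report["overrides"]:
        print(f"  {ip}  {name}")
```

A large number of names pinned to one address, repeated many times, is the pattern the helper is asking about; the report gives the reviewer the distinct names to look up rather than the raw, repetitive list.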

#5
TerasMinus

    Member

  • Topic Starter
  • Member
  • 51 posts

Good day to you.

No, I was not aware of either of those. That explains quite a few things.

Here's that log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Crowder at 2015-01-27 08:40:16 Run:1
Running from C:\Users\Crowder\Desktop
Loaded Profiles: Crowder (Available profiles: Crowder)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Emptytemp:
Task: {1DB72A70-E811-4FB7-BB42-2A447B21BE99} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
Task: {083A0445-B7E5-4B01-8EDA-F8968B11A1E3} - \GPUP No Task File <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Crowder\AppData\Local\Google\Chrome\
C:\Program Files (x86)\Google\Chrome\
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DB72A70-E811-4FB7-BB42-2A447B21BE99}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DB72A70-E811-4FB7-BB42-2A447B21BE99}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{083A0445-B7E5-4B01-8EDA-F8968B11A1E3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{083A0445-B7E5-4B01-8EDA-F8968B11A1E3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Crowder\AppData\Local\Google\Chrome => Moved successfully.
"C:\Program Files (x86)\Google\Chrome" => File/Directory not found.
EmptyTemp: => Removed 6.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 08:41:29 ====

 

Cheers


  • 0
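One way to triage a Fixlog like the one posted above, as an added example that is not part of the original thread and not FRST's own code: it separates the echoed fixlist from the result lines and flags every target that FRST reported as not found, since nothing was changed for those. The function names and the three status labels are assumptions of this sketch; the sample lines are copied (shortened) from the log in this post.

```python
import re
from collections import Counter

# Sample input: lines copied (shortened) from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Crowder at 2015-01-27 08:40:16 Run:1
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Emptytemp:
Task: {083A0445-B7E5-4B01-8EDA-F8968B11A1E3} - \GPUP No Task File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Crowder\AppData\Local\Google\Chrome\
C:\Program Files (x86)\Google\Chrome\
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Crowder\AppData\Local\Google\Chrome => Moved successfully.
"C:\Program Files (x86)\Google\Chrome" => File/Directory not found.
EmptyTemp: => Removed 6.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog 08:41:29 ====
'''

# A result line has the shape:  <target> => <outcome>.
RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\.?$')


def classify(outcome):
    """Map FRST's outcome text to a coarse status (labels are this sketch's own)."""
    text = outcome.lower()
    if 'not found' in text:
        return 'not_found'      # nothing matched, so nothing was changed
    if 'successfully' in text or text.startswith('removed'):
        return 'ok'
    return 'review'             # unrecognised wording: read it by hand


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist, per-target results and status notes."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    # The fixlist is echoed between two rows made only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {'*'}]
    if len(stars) < 2:
        raise ValueError('no echoed fixlist found; is this a Fixlog?')
    directives = [ln for ln in lines[stars[0] + 1:stars[1]]
                  if ln and ln not in ('Start', 'End')]
    results, notes = [], []
    for ln in lines[stars[1] + 1:]:
        if not ln or ln.startswith('===='):
            continue
        m = RESULT_RE.match(ln)
        if m:
            results.append({'target': m['target'].strip('"'),
                            'outcome': m['outcome'],
                            'status': classify(m['outcome'])})
        else:
            notes.append(ln)    # e.g. "Processes closed successfully."
    return {
        'directives': directives,
        'results': results,
        'counts': Counter(r['status'] for r in results),
        'not_found': [r['target'] for r in results if r['status'] == 'not_found'],
        'reboot_required': any('needed a reboot' in n for n in notes),
        # A log pasted without its footer may have been cut off mid-run.
        'complete': any(ln.startswith('==== End of Fixlog') for ln in lines),
    }


if __name__ == '__main__':
    report = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(report['counts']), 'reboot:', report['reboot_required'])
    for target in report['not_found']:
        print('not found:', target)
```
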

#6
Valinorum

Did you add the entries to your Hosts file as I asked in my previous reply? How is your system performing?

#7
TerasMinus

I did not add those entries.
 

It seems like everything is running fine now. Haven't had any pop-ups or redirects.

I thank you for that.



#8
Valinorum

  • Step #7 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      Closeprocesses:
      Hosts:
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #8 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Settings --
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #9 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware, et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or the keyboard during the scan; otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • FRST Scan Log
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum

#9
TerasMinus

Sorry for the late reply. Took a few tries to finally get ESET to finish. Luckily I had the night off to let it run this time.

Anyway here's the FRST fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Crowder at 2015-01-29 08:56:10 Run:2
Running from C:\Users\Crowder\Desktop
Loaded Profiles: Crowder (Available profiles: Crowder)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Closeprocesses:
Hosts:
End
*****************

Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog 08:56:11 ====

 

Here's the Malwarebytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/29/2015
Scan Time: 10:07:25 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.29.07
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Crowder

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324328
Time Elapsed: 19 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

And finally, the ESET log

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=fc99f13f9f04f84c88001ebc3c2b0947
# engine=22209
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-30 01:28:10
# local_time=2015-01-29 07:28:10 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7787158 45453684 0 0
# scanned=36074
# found=14
# cleaned=0
# scan_time=32267
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=fc99f13f9f04f84c88001ebc3c2b0947
# engine=22227
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-31 01:24:55
# local_time=2015-01-30 07:24:55 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7873363 45539889 0 0
# scanned=825254
# found=193
# cleaned=0
# scan_time=37343
sh=26F6747A5BD8F39F0109C955E5FAEC563AEFDD4A ft=1 fh=fcddf74a54291382 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\T8TICKER.DLL"
sh=C344CB809ACAE29686A0C84BE3674B9AE66F75D3 ft=1 fh=20029562540122d4 vn="Win32/InstallMonetizer.AG potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\file.exe"
sh=9AACEFDBDE3B44E6CD0C1D1D022E765842E5E396 ft=1 fh=42a0482b247aec3e vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\hsbing_717_active.exe"
sh=ED0FFF33D2DA9A36F99C67DB4BDF3C142E2F79DF ft=0 fh=0000000000000000 vn="Win32/SweetIM.K potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\mgsqlite3.7z"
sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\mgsqlite3.dll"
sh=C070B9AF00E86BC9535004002157969B3DA9CD31 ft=1 fh=83608e10c237ab94 vn="a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\Shortcut_sweetpacks_562013.exe"
sh=BB56E94C70642CF4371CF4D29FF2E31D4C1F4331 ft=1 fh=1e23617a5cfdca37 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\svcboot.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\{5E3FE3CD-603C-487F-BDA0-6F73F07F1EA7}.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\{7DE1954D-C717-4C13-BD6A-5B02AEDE32FB}.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\{C7452FEE-4DDB-4632-ADBA-31FBBB246113}.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\{D92D2DEC-D009-46DC-8CDE-FEA0660D122F}.dll"
sh=4EFF85B22D0DB50A315C64B436797B9F20EBAA99 ft=1 fh=5009c0fdf5a1e8bb vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\{E9C45892-5E89-490B-9952-4B99DBECC2A8}.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\{F751405F-393E-47DD-8D5E-508B1374996B}.dll"
sh=470CFC5C5270CFFF4E4E6ED40FB42621CC9ECF10 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\Smartbar\LinkuryInstaller.msi"
sh=B287E79D3689132DFD25667C194CD14787DE0815 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\Smartbar\03f747f3-50c7-4d66-9b1c-ff3a3966ffe9\LinkuryInstaller.msi"
sh=B6F79C763945CCB3EE7289F390B2787506322D2F ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\Smartbar\127aca2b-e411-47cc-9f90-6d40fc07b68f\LinkuryInstaller.msi"
sh=31D020E4B21930C9DAB92C13741F8B26E69FA79E ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\Smartbar\4776bbfa-4688-472e-a339-78fc9e492c23\LinkuryInstaller.msi"
sh=21E6BFD8299818F52F144A4A2DA2452E88BF58D0 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\Smartbar\b3192a3a-04a0-4716-992a-466d5f5b2462\LinkuryInstaller.msi"
sh=21A3F8B9EF43C10255BF3C69BA4674B72EB7D609 ft=0 fh=0000000000000000 vn="Java/Agent.FI trojan" ac=I fn="C:\Windows.old\Users\angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\457676c3-6571a8cf"
sh=BA9CF2296D2EE10F0181DF2471BBB10B9637F3E5 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.FO trojan" ac=I fn="C:\Windows.old\Users\angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\4b818a23-7e42698f"
sh=3FDFB7AEAAC76DBA4DC8C77B452E9AC015B659B4 ft=1 fh=e43d2002ef17bac7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.2.windows.exe"
sh=F5E97BBCE283F72D986AFAFA92DF188E72D515F4 ft=1 fh=b315b1b118c78d13 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.8.windows.exe"
sh=3FDFB7AEAAC76DBA4DC8C77B452E9AC015B659B4 ft=1 fh=e43d2002ef17bac7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Application Data\FrostWire\.AppSpecialShare\frostwire-5.3.2.windows.exe"
sh=F5E97BBCE283F72D986AFAFA92DF188E72D515F4 ft=1 fh=b315b1b118c78d13 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Application Data\FrostWire\.AppSpecialShare\frostwire-5.3.8.windows.exe"
sh=C344CB809ACAE29686A0C84BE3674B9AE66F75D3 ft=1 fh=20029562540122d4 vn="Win32/InstallMonetizer.AG potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\file.exe"
sh=9AACEFDBDE3B44E6CD0C1D1D022E765842E5E396 ft=1 fh=42a0482b247aec3e vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\hsbing_717_active.exe"
sh=ED0FFF33D2DA9A36F99C67DB4BDF3C142E2F79DF ft=0 fh=0000000000000000 vn="Win32/SweetIM.K potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\mgsqlite3.7z"
sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\mgsqlite3.dll"
sh=C070B9AF00E86BC9535004002157969B3DA9CD31 ft=1 fh=83608e10c237ab94 vn="a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\Shortcut_sweetpacks_562013.exe"
sh=BB56E94C70642CF4371CF4D29FF2E31D4C1F4331 ft=1 fh=1e23617a5cfdca37 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\svcboot.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\{5E3FE3CD-603C-487F-BDA0-6F73F07F1EA7}.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\{7DE1954D-C717-4C13-BD6A-5B02AEDE32FB}.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\{C7452FEE-4DDB-4632-ADBA-31FBBB246113}.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\{D92D2DEC-D009-46DC-8CDE-FEA0660D122F}.dll"
sh=4EFF85B22D0DB50A315C64B436797B9F20EBAA99 ft=1 fh=5009c0fdf5a1e8bb vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\{E9C45892-5E89-490B-9952-4B99DBECC2A8}.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\{F751405F-393E-47DD-8D5E-508B1374996B}.dll"
sh=470CFC5C5270CFFF4E4E6ED40FB42621CC9ECF10 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\Smartbar\LinkuryInstaller.msi"
sh=B287E79D3689132DFD25667C194CD14787DE0815 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\Smartbar\03f747f3-50c7-4d66-9b1c-ff3a3966ffe9\LinkuryInstaller.msi"
sh=B6F79C763945CCB3EE7289F390B2787506322D2F ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\Smartbar\127aca2b-e411-47cc-9f90-6d40fc07b68f\LinkuryInstaller.msi"
sh=31D020E4B21930C9DAB92C13741F8B26E69FA79E ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\Smartbar\4776bbfa-4688-472e-a339-78fc9e492c23\LinkuryInstaller.msi"
sh=21E6BFD8299818F52F144A4A2DA2452E88BF58D0 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\Smartbar\b3192a3a-04a0-4716-992a-466d5f5b2462\LinkuryInstaller.msi"
sh=D7463F7DCDDAD8D980A03E3E7D5292631649EEA7 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\Windows.old\Windows\Installer\43bc10b.msi"
sh=9416314DF6AB9F54EC403E08A52E2B3DF412845F ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\Windows.old\Windows\Installer\848f882.msi"
sh=B9FC82819237DF1B959CC03DE0B44C75686520FE ft=1 fh=9eb5a6909c749019 vn="a variant of Win32/Toolbar.Perion.H potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\ARFC\wrtc.exe"
sh=58FD5BFD5621171F4F1C69389E3ACA9BC3C80F64 ft=1 fh=ee2985aba3d07ac3 vn="Win32/SweetIM.J potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55E7860Q\SkywalkerSetup[1].exe"
sh=36B7B96EB53DA16D1FF11B7E9FF7F5CB50B32611 ft=1 fh=c25161fd9a01116d vn="a variant of Win32/Wajam.G potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55E7860Q\wajam_update[1].004"
sh=047213D3F6891869703569078B5A2F127F299EBE ft=1 fh=9c2d364d476a9e9d vn="a variant of Win32/Wajam.D potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55E7860Q\wajam_update[2].004"
sh=6B97D6844255D47302665BE4EB504893477EFA9C ft=1 fh=edd6a7ebcaa5d0c2 vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55E7860Q\WSSetup[1].exe"
sh=1A739914A874A42A4520CE05D8B8761A884ADFB7 ft=1 fh=de394184ef561da5 vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55E7860Q\WSSetup[2].exe"
sh=3FCDDDFFA523FD30995BD7F1EE90AD1DAFF05C22 ft=1 fh=eb68e71596000e50 vn="Win32/SweetIM.J potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93GEF2DF\SkywalkerSetup[2].exe"
sh=D9EE6B80A0799254672CEDD44F173BD38A604757 ft=1 fh=28f332d88c5a495a vn="a variant of Win32/Toolbar.Perion.H potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93GEF2DF\SkywalkerSetup[3].exe"
sh=F7B58A3B35BB872D9EE18499D92E465ECF1B3F83 ft=1 fh=4658244f9732d57c vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93GEF2DF\update[1]"
sh=84EF2E619397368AF5B8BA3C4FAB4BB775BE9021 ft=1 fh=dd07fe4fdce68f9d vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93GEF2DF\update[2]"
sh=C2937B7E2619AF42C1CFA13E061C6A0F9133B2BB ft=1 fh=7e032cfc8e1258d7 vn="a variant of Win32/Wajam.D potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93GEF2DF\wajam_update[1].007"
sh=368CF1D82743DEA9535487984406DD6C46D74826 ft=1 fh=1faa9e135822b4ec vn="a variant of Win32/Wajam.G potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZBX4VDO\wajam_update[1].004"
sh=C2937B7E2619AF42C1CFA13E061C6A0F9133B2BB ft=1 fh=7e032cfc8e1258d7 vn="a variant of Win32/Wajam.D potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZBX4VDO\wajam_update[1].018"
sh=C9AE242E9680F6E470392C6C215DD55BD07FE2D4 ft=1 fh=d4b0879f4d00966c vn="a variant of Win32/Wajam.G potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0BVDV7E\wajam_update[1].004"
sh=C9AE242E9680F6E470392C6C215DD55BD07FE2D4 ft=1 fh=d4b0879f4d00966c vn="a variant of Win32/Wajam.G potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0BVDV7E\wajam_update[2].004"
sh=DC287D9AF69775BBB2DB89A00A3DF4E9DB35C46F ft=1 fh=298a8d7888b4be83 vn="a variant of Win32/Wajam.G potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0BVDV7E\wajam_update[3].004"
sh=36B7B96EB53DA16D1FF11B7E9FF7F5CB50B32611 ft=1 fh=c25161fd9a01116d vn="a variant of Win32/Wajam.G potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0BVDV7E\wajam_update[4].004"
sh=F0583DDAE95D2C50EE017A7B16941AFBC9E004D5 ft=1 fh=72c2adac041db1f9 vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0BVDV7E\WSSetup[1].exe"
sh=84577EB0DE6DFEF55BC04F52AE1F5F3E2068D3AC ft=1 fh=d5ed4e4f25a0e0a0 vn="a variant of Win32/Toolbar.Perion.H potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\jmdp\lmrn.dll"
sh=4355403823B442E0C375C6E26F291F4F4066FAFB ft=1 fh=afd92d15453d2679 vn="a variant of Win32/Toolbar.Perion.H potentially unwanted application" ac=I fn="C:\Windows.old\Windows\System32\jmdp\stij.exe"
sh=744375A5C2B4759894AA16EE6FA388FCE4FD1FF6 ft=1 fh=568b9d2f23cf98a6 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ccp_fchfqmgum.dll"
sh=A48B3010125EC14AA1799174AE1238450F8E43DC ft=1 fh=d8e6e71fd6128602 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\Director_ypebthjan.dll"
sh=CCE52C7D00F1A2DD7C20CBA328F9A56BF48B8D54 ft=1 fh=76e91da25f794cd7 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\dprx_chuvacibd.dll"
sh=A6E8ECDDA6CACA92298DF201BFD7687415CDF950 ft=1 fh=a257a27a251a8363 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe100_xoadkdnbo.dll"
sh=5753197203EC2F9FB98CA0B9BBAC08642606149A ft=1 fh=04d20c28f860b68b vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe110_mdcbtpqve.dll"
sh=92C5B218953C4BC4A89A04D4B7BAADB4F1485429 ft=1 fh=1649e164d8ade422 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe120_fmfdqwlns.dll"
sh=875EC0C06D0E7ED616321B892329670E10DC4BD1 ft=1 fh=cc7efd18e1bc8368 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe130_sgxfvgcif.dll"
sh=E3C1F926D28A27F490D6AE943953FE2854FFA4C7 ft=1 fh=ea809f9dbf7a0922 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe140_hvnbsjfcz.dll"
sh=FD87D36FEB390F4B73821F3B65878E233811A394 ft=1 fh=40fca65decdf29cf vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe150_vepdxqcun.dll"
sh=3ADF33A4537909D14C6B1A530329FB647D392B81 ft=1 fh=0ce23717c2079b93 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe160_ctjfidxpf.dll"
sh=FC623871EB8482F88551741D5C4F565AE17F74FF ft=1 fh=80684392d8a4da7c vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe170_xblhedohq.dll"
sh=22F24BDC9220AA2BF3B6A6888796E6B7C21D542D ft=1 fh=ae8935ec42cea9f3 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe180_eqbjbkrce.dll"
sh=7FC1762CDADCE23D3E6E10B9DF37CDF1D5A2D80D ft=1 fh=055b9341fa6c52b8 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe35_uoqmtfgwx.dll"
sh=CBB2B4AB157FA7EE4F1BA54AC6BD213DB9176ED3 ft=1 fh=db15e6d502c43a7a vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe36_jdsoqfbvk.dll"
sh=A13011CA71F4F001B6AA9ABBFF5BD672A839A37B ft=1 fh=7e9d83f0c854628e vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe3_sgacuxtsc.dll"
sh=C91DF7E463AF83C4180C23DA49A92D8B9BE5DE44 ft=1 fh=23bbe6c5f4b5929d vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe40_xhdedeaxm.dll"
sh=D1311EABFF7CA4D89BCC6DEBE1306A425E22F1FC ft=1 fh=2d7b36fe73a79415 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe50_ewfgmlvpi.dll"
sh=B39D45019F6E81B0F170720A7EE576CDBA1C1861 ft=1 fh=b8461aec26d8ad9e vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe60_zfiirlmkt.dll"
sh=D1AB23D5ACB299244F1A312E6B8069ECAF2637E2 ft=1 fh=2056ed54bb927850 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe70_gybkoepch.dll"
sh=9043548C673EFF58CD16634D9DE9212B558168F7 ft=1 fh=05e6dd5ac78e841d vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe80_uoqmtfgwx.dll"
sh=2C1DA7F8256D3C2E3FFC18EC4E25B0F9F1574A8B ft=1 fh=ee340fc355824074 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe90_jdsoqfbvk.dll"
sh=09F211905F6BCFA4A9AAC9251493297F786C9F5B ft=1 fh=54bd611252bc676b vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\ffe_gsbudywag.dll"
sh=13D2398FB6B72559DB4051DF1E4C49F364A013D5 ft=1 fh=8063b145b5501b74 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\mcapp_baifrzalx.dll"
sh=549D80C369EE08397C24AAC64ECD4B59F884D17B ft=1 fh=77e95005b42f033a vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\mca_gsbudywag.dll"
sh=26E36DAB7A19F71D2CF0CFF9044841028F2CD25B ft=1 fh=fda641989203b951 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\mcff_ldosgyuis.dll"
sh=DBB25F09F6AB283CFB97F1F36130CF8F56DE6298 ft=1 fh=849d75cf6ccc269f vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\mcgc_jdsoqfbvk.dll"
sh=04761D6D26AB3C6811E9F9CE47712592782A4BAB ft=1 fh=8411366ca99326d0 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\mcie_geewisoev.dll"
sh=A32D69A7E6BEB7C175A36B6F951DE8DD3F34A8A1 ft=1 fh=ce22125f12409c67 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\mck_psjpdnfsl.dll"
sh=3303EB345475EFBE5208DECFFDAE3D6197F1AEA4 ft=1 fh=a6d43c19506649e9 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\mclmd_utevjaumm.dll"
sh=949F0A122DA2C47D793DF0DA2940E0DEBA0EC8F3 ft=1 fh=b95ae8da2f48f6ed vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\mcmsg_ygyidnher.dll"
sh=99DAFD171E673C30A1891C9D6257A4125391EBD2 ft=1 fh=79c56ca28ce6bf83 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\mcoexp_baetxhphw.dll"
sh=3181319675D1873460F5B99F826C23E8B407F7D2 ft=1 fh=183c69494e116b2a vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\mco_mbwlntrbw.dll"
sh=CFF1971E43EE7E6FA95B54DF5B470837A8290E0C ft=1 fh=1b4d856cb73cebab vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\mcsc_ughgxzgfx.dll"
sh=7360B324B3FBDA5B2498CAB598747F84055F25D1 ft=1 fh=719c6235de6c4920 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\mcy_qmsfgicnt.dll"
sh=0D082C4AAF3E5A9840F14548965D58367EFEF7F8 ft=1 fh=8279321610eeeccb vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\proxy.dll"
sh=6DBAFB6173726421EA591DF174EFAD17F120CA22 ft=1 fh=1891eb540c7ff623 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\shim_firebomud.dll"
sh=BB56E94C70642CF4371CF4D29FF2E31D4C1F4331 ft=1 fh=1e23617a5cfdca37 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Windows\System32\orfhl\svcboot_wlcdnzcwh.dll"
sh=F7B58A3B35BB872D9EE18499D92E465ECF1B3F83 ft=1 fh=4658244f9732d57c vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application" ac=I fn="C:\Windows.old\Windows\Temp\INJ001\ExtensionUpdate.exe"
sh=84EF2E619397368AF5B8BA3C4FAB4BB775BE9021 ft=1 fh=dd07fe4fdce68f9d vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application" ac=I fn="C:\Windows.old\Windows\Temp\INJ002\ExtensionUpdate.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=fc99f13f9f04f84c88001ebc3c2b0947
# engine=22236
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-31 08:16:37
# local_time=2015-01-31 02:16:37 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7898065 45564591 0 0
# scanned=821402
# found=143
# cleaned=95
# scan_time=24602
sh=21E6BFD8299818F52F144A4A2DA2452E88BF58D0 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\AppData\Local\Temp\Smartbar\b3192a3a-04a0-4716-992a-466d5f5b2462\LinkuryInstaller.msi"
sh=21A3F8B9EF43C10255BF3C69BA4674B72EB7D609 ft=0 fh=0000000000000000 vn="Java/Agent.FI trojan" ac=I fn="C:\Windows.old\Users\angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\457676c3-6571a8cf"
sh=BA9CF2296D2EE10F0181DF2471BBB10B9637F3E5 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.FO trojan" ac=I fn="C:\Windows.old\Users\angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\4b818a23-7e42698f"
sh=3FDFB7AEAAC76DBA4DC8C77B452E9AC015B659B4 ft=1 fh=e43d2002ef17bac7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.2.windows.exe"
sh=F5E97BBCE283F72D986AFAFA92DF188E72D515F4 ft=1 fh=b315b1b118c78d13 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.8.windows.exe"
sh=3FDFB7AEAAC76DBA4DC8C77B452E9AC015B659B4 ft=1 fh=e43d2002ef17bac7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Application Data\FrostWire\.AppSpecialShare\frostwire-5.3.2.windows.exe"
sh=F5E97BBCE283F72D986AFAFA92DF188E72D515F4 ft=1 fh=b315b1b118c78d13 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Application Data\FrostWire\.AppSpecialShare\frostwire-5.3.8.windows.exe"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\{7DE1954D-C717-4C13-BD6A-5B02AEDE32FB}.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\{C7452FEE-4DDB-4632-ADBA-31FBBB246113}.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\{D92D2DEC-D009-46DC-8CDE-FEA0660D122F}.dll"
sh=4EFF85B22D0DB50A315C64B436797B9F20EBAA99 ft=1 fh=5009c0fdf5a1e8bb vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\{E9C45892-5E89-490B-9952-4B99DBECC2A8}.dll"
sh=8C3A650847AE7F9F1A81797CA054F9BD4390E41C ft=1 fh=a72fefb81a0121da vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\{F751405F-393E-47DD-8D5E-508B1374996B}.dll"
sh=470CFC5C5270CFFF4E4E6ED40FB42621CC9ECF10 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\Smartbar\LinkuryInstaller.msi"
sh=B287E79D3689132DFD25667C194CD14787DE0815 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\Smartbar\03f747f3-50c7-4d66-9b1c-ff3a3966ffe9\LinkuryInstaller.msi"
sh=B6F79C763945CCB3EE7289F390B2787506322D2F ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\Smartbar\127aca2b-e411-47cc-9f90-6d40fc07b68f\LinkuryInstaller.msi"
sh=31D020E4B21930C9DAB92C13741F8B26E69FA79E ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\Smartbar\4776bbfa-4688-472e-a339-78fc9e492c23\LinkuryInstaller.msi"
sh=21E6BFD8299818F52F144A4A2DA2452E88BF58D0 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\angie\Local Settings\Temp\Smartbar\b3192a3a-04a0-4716-992a-466d5f5b2462\LinkuryInstaller.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\Local\Application Data\Temp\{7DE1954D-C717-4C13-BD6A-5B02AEDE32FB}.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\Local\Application Data\Temp\{C7452FEE-4DDB-4632-ADBA-31FBBB246113}.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\Local\Application Data\Temp\{D92D2DEC-D009-46DC-8CDE-FEA0660D122F}.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\Local\Application Data\Temp\{E9C45892-5E89-490B-9952-4B99DBECC2A8}.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\Local\Application Data\Temp\{F751405F-393E-47DD-8D5E-508B1374996B}.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\Local\Application Data\Temp\Smartbar\LinkuryInstaller.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\Local\Application Data\Temp\Smartbar\03f747f3-50c7-4d66-9b1c-ff3a3966ffe9\LinkuryInstaller.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\Local\Application Data\Temp\Smartbar\127aca2b-e411-47cc-9f90-6d40fc07b68f\LinkuryInstaller.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\Local\Application Data\Temp\Smartbar\4776bbfa-4688-472e-a339-78fc9e492c23\LinkuryInstaller.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\Local\Application Data\Temp\Smartbar\b3192a3a-04a0-4716-992a-466d5f5b2462\LinkuryInstaller.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Java/Agent.FI trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\457676c3-6571a8cf"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.FO trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\4b818a23-7e42698f"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.2.windows.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\angie\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.8.windows.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AN potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qbarsvc.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qbrstub.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qdatact.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qdyn.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qfeedmg.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qhtmlmu.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qhttpct.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qimpipe.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qmlbtn.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qmsg.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qscript.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qskin.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qsknlcr.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5qtpinst.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\5quabtn.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\CREXT.DLL"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\CrExtP5q.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\T8EXTEX.DLL"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\T8EXTPEX.DLL"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Program Files\Zwinky_5q\bar\1.bin\T8TICKER.DLL"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/SweetIM.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\Installer\43bc10b.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\Installer\848f882.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Perion.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\ARFC\wrtc.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/SweetIM.J potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55E7860Q\SkywalkerSetup[1].exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Wajam.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55E7860Q\wajam_update[1].004"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Wajam.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55E7860Q\wajam_update[2].004"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55E7860Q\WSSetup[1].exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55E7860Q\WSSetup[2].exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/SweetIM.J potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93GEF2DF\SkywalkerSetup[2].exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Perion.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93GEF2DF\SkywalkerSetup[3].exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93GEF2DF\update[1]"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93GEF2DF\update[2]"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Wajam.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93GEF2DF\wajam_update[1].007"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Wajam.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZBX4VDO\wajam_update[1].004"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Wajam.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZBX4VDO\wajam_update[1].018"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Wajam.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0BVDV7E\wajam_update[1].004"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Wajam.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0BVDV7E\wajam_update[2].004"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Wajam.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0BVDV7E\wajam_update[3].004"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Wajam.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0BVDV7E\wajam_update[4].004"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0BVDV7E\WSSetup[1].exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Perion.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\jmdp\lmrn.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Perion.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\jmdp\stij.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ccp_fchfqmgum.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\Director_ypebthjan.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\dprx_chuvacibd.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe100_xoadkdnbo.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe110_mdcbtpqve.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe120_fmfdqwlns.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe130_sgxfvgcif.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe140_hvnbsjfcz.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe150_vepdxqcun.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe160_ctjfidxpf.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe170_xblhedohq.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe180_eqbjbkrce.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe35_uoqmtfgwx.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe36_jdsoqfbvk.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe3_sgacuxtsc.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe40_xhdedeaxm.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe50_ewfgmlvpi.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe60_zfiirlmkt.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe70_gybkoepch.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe80_uoqmtfgwx.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe90_jdsoqfbvk.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\ffe_gsbudywag.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\mcapp_baifrzalx.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\mca_gsbudywag.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\mcff_ldosgyuis.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\mcgc_jdsoqfbvk.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\mcie_geewisoev.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\mck_psjpdnfsl.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\mclmd_utevjaumm.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\mcmsg_ygyidnher.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\mcoexp_baetxhphw.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\mco_mbwlntrbw.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\mcsc_ughgxzgfx.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\mcy_qmsfgicnt.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\proxy.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\shim_firebomud.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\System32\orfhl\svcboot_wlcdnzcwh.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\Temp\INJ001\ExtensionUpdate.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Windows\Temp\INJ002\ExtensionUpdate.exe"
 



#10
Valinorum

How is your PC?

#11
TerasMinus


It's been running much better. Haven't had it redirect the browser, no ads outside of the normal ones. Trying to watch what the other people do on here to avoid any more mishaps.



#12
Valinorum

Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 

♣ Removal of Tools and Quarantined Files ♣


 

Although the tools we have used are clean, they are powerful removal tools, made in a way so that they carry out any commands given to them without (in most cases) asking for confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system, as dormant malware can be as bad as active malware if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
  • Cleanup with Delfix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply
 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see your PC infected by malware again.
  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop-ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the NoScript icon down on the right-hand side of your computer.
  • Watch out for a new threat named CryptoLocker
    CryptoLocker is a new type of ransomware-family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and that you practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,
Valinorum

#13
TerasMinus

    Member

  • Topic Starter
  • 51 posts

Here is that log, sir.
 

# DelFix v10.8 - Logfile created 02/02/2015 at 18:54:37
# Updated 29/07/2014 by Xplode
# Username : Crowder - CROWDER-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Crowder\Desktop\FRST-OlderVersion
Deleted : C:\Users\Crowder\Desktop\Addition.txt
Deleted : C:\Users\Crowder\Desktop\AdwCleaner.exe
Deleted : C:\Users\Crowder\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Crowder\Desktop\Extras.Txt
Deleted : C:\Users\Crowder\Desktop\Fixlog.txt
Deleted : C:\Users\Crowder\Desktop\FRST.txt
Deleted : C:\Users\Crowder\Desktop\FRST64.exe
Deleted : C:\Users\Crowder\Desktop\JRT.exe
Deleted : C:\Users\Crowder\Desktop\JRT.txt
Deleted : C:\Users\Crowder\Desktop\log.txt
Deleted : C:\Users\Crowder\Desktop\OTL.Txt
Deleted : C:\Users\Crowder\Desktop\Shortcut.txt
Deleted : C:\Users\Crowder\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Crowder\Downloads\Extras.Txt
Deleted : C:\Users\Crowder\Downloads\FRST64.exe
Deleted : C:\Users\Crowder\Downloads\OTL.Txt
Deleted : C:\Users\Crowder\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


I thank you for your time. I had never heard of ransomware before, which makes me realize just how long I've been away from computers.


#14
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.